cryptbot

General

Target

44e07e65592320653431e87050b8714f
Size

4.4MB
Sample

240106-ba892sdfej
MD5

44e07e65592320653431e87050b8714f
SHA1

337bf5031b7af55d8086087055232b1f7478115f
SHA256

3febf03463e0e65ef9d0fc4e8a38f01dd7c6dfee10258876981539b7a319a620
SHA512

fe367aea2a8822cb7a1d80cc4971702c666b757bbc5815f555da0714b5659b5283b28269d54ee4ce22664adff40cc0f28b90d7fd80ad911af11b14281ba4a1c8
SSDEEP

98304:yZ1kDmwxdhbRSUnR1tooSvpKoLiRZmmYjWNiOm:yZ1kDmwxdh3Beps4JWNiN

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

pub1

C2

viacetequn.site:80

Extracted

Family

smokeloader

Botnet

pub5

Extracted

Family

smokeloader

Version

2020

C2

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32

Extracted

Family

nullmixer

C2

http://hsiens.xyz/

Extracted

Family

cryptbot

C2

knumfl68.top

morwye06.top

Attributes

payload_url
http://sarjeb09.top/download.php?file=lv.exe

Targets

- Target
  
  44e07e65592320653431e87050b8714f
- Size
  
  4.4MB
- MD5
  
  44e07e65592320653431e87050b8714f
- SHA1
  
  337bf5031b7af55d8086087055232b1f7478115f
- SHA256
  
  3febf03463e0e65ef9d0fc4e8a38f01dd7c6dfee10258876981539b7a319a620
- SHA512
  
  fe367aea2a8822cb7a1d80cc4971702c666b757bbc5815f555da0714b5659b5283b28269d54ee4ce22664adff40cc0f28b90d7fd80ad911af11b14281ba4a1c8
- SSDEEP
  
  98304:yZ1kDmwxdhbRSUnR1tooSvpKoLiRZmmYjWNiOm:yZ1kDmwxdh3Beps4JWNiN
Score

10^/10

cryptbot nullmixer redline sectoprat smokeloader pub1 pub5 aspackv2 backdoor dropper infostealer rat spyware stealer trojan
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- CryptBot payload
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

CryptBot payload

NullMixer

RedLine

RedLine payload

SectopRAT

SectopRAT payload

SmokeLoader

ASPack v2.12-2.42

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2